Refactor updating enterprise policies

[1rneh]

• Refactor updating remote policies
• Fix merging policies of a combined provider when remote policies are updated

[gcp]

This will cause the policy to be removed because it doesn't go in parsedPolicies, unclear if that is what you want.

[1rneh]

Good point! I didn't change that behavior. But let's re-think this :)

We have two options when encountering invalid parameters:

• Policy is currently active: We can remove the policy or keep it active with unchanged parameters. I think I prefer the latter. It's seems more intentional. In both ways we can warn in the logs about invalid parameters.
• Policy is currently inactive: Do nothing.

[Mossop]

This function is only called during initialization though so the policy cannot already be active here. The question is what happens later when the policies are updated if this invalid policy isn't listed in _parsedPolicies. It looks to me like you don't want it in _parsedPolicies because that would then cause us to try to call an onRemove handler for the policy even though we haven't actually applied it.

[1rneh]

Update: This patch includes:

• Refactor updating remote policies
• Fix merging policies of a combined provider when remote policies are updated
• Test merging local and remote policies

Question:
What should we do with the tests under browser/components/enterprisepolicies? Is it enough to run them with local policies?

[gcp]

Given how error prone updating _status is, maybe we can add some sanity checks here for inconsistent status?

[1rneh]

Why is _status error prone?

[lissyx]

Question: What should we do with the tests under browser/components/enterprisepolicies? Is it enough to run them with local policies?

(I have not had a look at the PR yet so this may be invalid) From past experience I ran several times in regressions I introduced with remote fetching that broke some policies. So I think we should try and run with both, but maybe not right now, and maybe we'd like to scope them in a flagged suite, maybe enterprise subsuite for mochtest browser and xpcshell ?

[1rneh]

What should we do with the tests under browser/components/enterprisepolicies? Is it enough to run them with local policies?

From an offline conversation with @mkaply:

Tests under /browser/components/enterprisepolicies/ cover each policy logic. Tests under /toolkit/components/enterprisepolicies/ test the policy engine. We should test whether each policy is applied correctly when provided remotely after startup (not during engine initialization).

[1rneh]

This PR is growing and entails quite a lot of entangled changes and therefore difficult to split into multiple patches:

• Bug 2015809 - Fix merging local and remote policies
• Add preference to control policy provision for Bug 2012440 - Repack disables local policies.json and GPO
• Bug 2015833 - Fetch remote policies during policy engine initialisation
• Removing test suite /browser/components/enterprisepolicies/**/live because it's not testing the policies in a different way except that they are getting applied remotely. That irrelevant for the policy logic. We should aim for test that test the policies when applied remotely and after startup
• General refactoring

Note:
Leave out the tests in your review for now. I just noticed that I have removed Testing.servePolicyWithJson but it's still used in the /browser/components/enterprisepolicies/ tests. I will have to fix this first.

[Mossop]

Throughout this test you verify the state of the active policies but you should sprinkle in checks that policyValue has the expected state after updates.

[Mossop]

Suggested change

	// Combine policies with primaryProvider taking precedence.
	// We only do this for top level policies.
	this._policies = this._primary._policies;
	for (let policyName of Object.keys(this._secondary.policies)) {
	this._policies = structuredClone(this._primaryProvider.policies);
	for (let [policyName, policyParams] of Object.entries(
	this._secondaryProvider.policies || {}
	)) {
	if (!(policyName in this._policies)) {
	this._policies[policyName] = this._secondary.policies[policyName];
	this._policies[policyName] = policyParams;
	}
	}
	// Combine policies with primaryProvider taking precedence.
	// We only do this for top level policies.
	return Object.assign({}, this._secondaryProvider.policies ?? {}, this._primaryProvider.policies);

[Mossop]

I think this is just a manual implementation of Object.assign

[Mossop]

You don't have to do it here but I think things would make a lot more sense if instead of having CombinedProvider merge two policies it could instead merge any number of policies. Then instead of a binary tree of policy providers there would just be a single CombinedProfiler holding all the real providers and it would be able to merge them all in a single operation.

[Mossop]

This function is only called during initialization though so the policy cannot already be active here. The question is what happens later when the policies are updated if this invalid policy isn't listed in _parsedPolicies. It looks to me like you don't want it in _parsedPolicies because that would then cause us to try to call an onRemove handler for the policy even though we haven't actually applied it.

[Mossop]

_validatePolicyParams already logs warnings in the event of invalid data so we don't need to do it here.

[Mossop]

Suggested change

	this._resetEngine().then(null, console.error);
	this._resetEngine().catch(console.error);

[Mossop]

This should set the status to FAILED if this._provider.failed

[mkaply]

I've asked some questions and made a few suggestions, but assuming this pasts the tests (and you've addressed Mossop's questions), this seems good.

[mkaply]

Why was this added? As said above, Preference.unlock is harmless?

[mkaply]

What's the reason the same JS is loaded into two different identifiers?

[mkaply]

This is unrelated to this patch.